Device Discovery

To add devices to
Symantec PAM
easily, you can use the device discovery feature, which identifies and registers devices. Device discovery is an alternative to manually adding target devices.
capam32
HID_deviceDiscovery
To add devices to
Symantec PAM
easily, you can use the device discovery feature, which identifies and registers devices. Device discovery is an alternative to manually adding target devices.
To perform discovery of Devices, follow these steps:
  1. Select Devices, Discovery.
    The Discovery panel appears with four tabs.
  2. Create a Device Scan Profile.
  3. Run the Device Scan.
  4. View Scan Results.
  5. Bring Devices under management.
  6. (Optional) Export the results to a CSV file. 
Device Scan Profiles
To configure a device scan profile, follow these steps:
  1. Select the 
    Device Scan Profiles
     tab and select the Add button.
  2. On the 
    Profile
     tab, name the profile, and enter an optional description.
  3. To put all discovered devices under management, select Auto-manage devices.
  4. In the 
    Default OS
     field, select an OS to narrow the specific discovery criteria or select Other.
    Device Discovery might not reliably identify the device operating system. If the scan results show an incorrect operating system, you can change the operating system once the device is under management. Select
    Devices, Manage Devices,
    and update the
    Operating System
    field.
  5. To specify
     
    the number of days after which discovered devices are deleted, set the 
    Purge Interval (in days)
     field. Unless the device is discovered by a different scan profile, the device is deleted. The default value for the purge interval default is set under 
    Global Settings, Basic Settings, Scan Purge Interval
    .
  6. Optionally, in case Discovery does not determine a location, specify a location in the 
    Default Location
     field.
  7. On the 
    Inclusions
     tab, identify at least one target IP address or one device name to include in the discovery. You can include multiple entries for each type of target. Select the plus sign to add entries.
    • Specify IP addresses slash notation (192.168.2.0/24). All subordinate addresses are included as part of the scan unless there is a corresponding Exclusion address. Wildcards and address range notation is allowed for IPv4 addresses. Use asterisks as wildcards in the format 192.169.0.*. Specify ranges in the format x.x.x.x-x.
    • Device name discovery requires configuration of a DNS server in the appliance. Add DNS Servers in the Network Configuration section accessible from the Config menu.
  8. The 
    Exclusions
     tab enables you to specify IP addresses to exclude from the Scan. Use the same notation as for Inclusions.
  9. The 
    Access Methods
     tab enables selection from Default Access Methods which have been enabled on the Global Settings page.
  10. The
     Services
     tab enables you to select Services to scan. These Services are the same Services, with their descriptions and port numbers, which are listed on the Services menu.
  11. If you configured device groups (Devices, Manage Groups), you can select them on the 
    Device Groups
     tab.
  12. The 
    Tags
     tab allows you to add Tags to the discovered devices. Tags are free-form labels that are added on the Manage Devices page. If any Tags have been created, they appear in the Available column. You can add new Tags in Tag Name section below the selection columns.
  13. The 
    Target Applications
     tab lists available application such as SSH, LDAP, and MSSQL. Select applications to scan from this list.
  14. Optionally, use the Schedule tab to create a schedule to run the scan or run it on demand. After you select a frequency, other fields appear. Select the appropriate time intervals. Select 
    OK
     to save the profile.
    To run the scan on demand rather than on a schedule, select OK to save it. Select the Scan Profile from the Scan Profiles list, and select Run above the list.
To delete a profile, select the scan and select 
Delete. 
The scan is deleted from the Device Scan History. The appliance also deletes any devices that are associated with that profile, unless the devices are associated with another scan profile.
Discovery Jobs
Once a scan is running, review its progress on the 
Discovery Jobs
 tab. You can also cancel the job on this panel by clicking Cancel Job. Once it is complete, view a summary of its results on the Device Scan History tab.
The Discovery Jobs and other tables are refreshed according to the default set on the Global Settings page. Table Refresh Interval is in the Basic Settings section, and defaults to 60 seconds.
Device Scan History
Select the Device Scan History tab to view the results of a device discovery scan. This tab defaults to showing Most Recent Scans for each Profile. Each row shows a Scan Profile, its latest discovery date and time, and a summary of the scan results. The summary shows a count of discovered devices, how many are new, and not found. "Not found" devices were discovered by a previous run of the same Scan Profile, but are now missing. These numbers refer only to the latest run of this scan profile. Clicking the Summary numbers opens the Scan Results window with focus on that category tab.
The Most Recent Scans page has a filter capability and three buttons: View Summary Details, View Scan Results, and View Scans.
View Summary Details
The View Summary Details button opens the Scan Results window. The Scan Information tab displays the Scan Profile name and the Job Time. The Discovered Devices, New Devices, and Not Found Devices tabs list the Device Names of each respective category. The Logs tab displays a table including each action that is taken regarding this scan.
View Scan Results
On the Device Scan History tab, select a Scan Profile row, then on View Scan Results to see information about the discovered devices. The device name, its Operating System, and its scan status are displayed. A checkbox indicates whether
Symantec PAM
 manages the device. To manage a device, select it by clicking its row or checking the box to the left of its device name. The Manage button above the Is Managed column activates. Select Manage, and answer the dialog. You can also select the Manage All button to manage all listed devices. The Export button sends detailed information about each discovered device to a CSV file. The Logs button displays a window with a log table including each action taken regarding this scan. The Update button is active for one device at a time. This button lets you change the management, access methods, services, and applications associated with the selected device.
View Scans
To see all scans that are run for a given profile, select the 
View Scans
 button above the summary. The resulting table lists details for each job. Select a Scan Discovery Time and either View Summary Details for lists of discovered device names, or 
View Scan Results
 for detailed, updatable information.
To see all discovered devices rather than only devices for a given scan, select the Discovered Devices tabs at the top of the Discovery area.
The number of items in the Device Scan Results is controlled by the Global Settings page. Default Page Size, under Basic Settings, defaults to 30. This option also controls the number of items that are shown in the Device discovery lists.
Discovered Devices
The 
Discovered Devices
 tab displays a list of all discovered devices, the operating system, scan status, and latest discovery time. A checkbox indicates whether the device is managed.
Manage
To manage a device, select it by clicking its row or checking the box to the left of its device name. The Manage button above the Is Managed column activates. Select Manage, and answer the dialog. You can also select the Manage All button to manage all listed devices.
Export
The Export button sends detailed information about each discovered device to a CSV file.
Update
The Update button is active for one device at a time. Select Update to display the Update Discovered Device window. The various tabs allow you to change the management, access methods, services, and applications associated with the selected device. The Device Information tab provides details, such as IP address, OS detail, status, and other information.
The number of items in the Discovered Devices is controlled by the Global Settings page. Default Page Size, under Basic Settings, defaults to 30. This setting also controls the number of items that are shown in the Device discovery lists.